VMworld 2021 – My Top 10 Picks around Kubernetes

Well here we are again – another VMworld has come around. As most of you will know, VMworld 2021 is going to be another “fully virtual” event (no pun intended), the same as it was for VMworld 2020. Hard to imagine that it is 3 years since I presented at VMworld 2018 in Las Vegas, and 2 years since I presented at VMworld EMEA 2019 in Barcelona. Strange days indeed. Let’s hope we can all get together at VMworld 2022 and have a blast. Like previous years, I have picked out a few presentations that I plan on attending at…

vSAN File Service backed Persistent Volumes Network Access Controls [Video]

A short video to demonstrate how network access to Kubernetes Persistent Volumes, that are backed by vSAN File Service file shares, can be controlled. This allows an administrator to determine who has read-write access and who has read-only access to a volume, based on the network from which they are accessing the volume. This involves modifying the configuration file of the vSphere CSI driver, as shown in the following demonstration. The root squash parameter can also be controlled using this method. This links to a more detailed step-by-step write-up on how to configure the CSI driver configuration file and control…

vSAN File Service backed RWX Persistent Volume Quota [Video]

A short video to demonstrate how vSAN File Service file shares, which are used to back dynamically created Kubernetes read-write-many persistent volumes (PVs) have an implicit hard quota associated with them. Read-Write-Many (RXW) PVs are volumes which can be shared between multiple Kubernetes Pods. For more details about this feature, please check out this earlier blog post.

Adding Network Permissions to Kubernetes PVs backed by vSAN File Share

Last week I looked at how quotas were implicit on Kubernetes RWX Persistent Volumes which were instantiated on vSAN File Service file shares. This got me thinking about another feature of Kubernetes Persistent Volumes –  how could some of the other parameters associated with file shares be controlled? In particular, I wanted to control which networks could access a volume, what access permissions were allowed from that network and whether we could squash root privileges when a root user accesses a volume? All of these options are configurable from the vSphere client and are very visible when creating file shares…

vSAN File Service & Kubernetes PVs with an implicit quota

Earlier this week, I participated in a customer call around vSAN File Service and Kubernetes Persistent Volumes. I have highlighted the dynamic Read-Write-Many Persistent Volume feature of our vSphere CSI driver in conjunction with vSAN File Service before. Read-Write-Many (RWX) volumes are volumes that can be accessed/shared by multiple containers. During the discussion, one question came up in relation to quota, and if it can be applied to Persistent Volumes which are backed by file shares from vSAN File Service, which is the purpose of this post. Now, for those of you who are familiar with vSAN File Service, you…

AND and OR Rules in Storage Policies

I was recently working in an environment where my vCenter server was managing two vSAN clusters, each with its own datastore. I wanted to be able to choose which datastore to provision to via storage policy, but came across some unexpected behaviour. When I configured my vSAN Rule and my Tag Rule, it seems that both datastores would appear as compliant to the policy. I found out the reason, and decided to write it up as I had never known this was how policies AND and OR rules behaved until now. Setting up Tags I created a Tags Category called…